Senior Security Governance and Risk Consultant

Tenchi is a Cyber Security company building innovative technology focused on Third-Party Cyber Risk Management for businesses. Founded by serial entrepreneurs and supported by solid institutional investors, we are driven to disrupt this fast-growing industry.

Tenchi was created to tackle a real challenge: companies often face security risks because their third-parties don't maintain the same level of cyber protection. This gap leaves even the largest organizations potentially vulnerable to incidents they can't directly control. That's exactly where we step in.

Our TPCRM SaaS solution, Zanshin, is the only global TPCRM solution that offers both inside-out and outside-in visibility - combining external attack surface monitoring with automated, continuous, and non-intrusive assessments of cloud infrastructure (IaaS, PaaS, SaaS) and security controls.

At Tenchi, we build innovative technology to help companies secure their ecosystems with transparency and peace of mind. We are ambitious and purpose-driven. Our culture is rooted in intentionality, transparency, and action. We move fast, communicate openly, and invest in people who want to make an impact.

As a 100% remote company with team members across Brazil, the US, Canada, Argentina, and Spain, we embrace flexibility while solving meaningful challenges together.

Want to know more about our DNA? Watch the video.

• Lead the planning, execution, and delivery of security governance and risk management projects for clients across various industries;
• Conduct security maturity assessments based on established frameworks (e.g., NIST CSF, CIS Controls, ISO/IEC 27001), and identify gaps, risks, and areas for improvement;
• Design, implement, and maintain Information Security Management Systems (ISMS) in compliance with ISO 27001 or other relevant standards;
• Develop and manage Information Security Master Plans (PDSI), aligning security strategy with business objectives;
• Execute Third Party Cyber Risk Management (TPCRM) processes, including due diligence assessments, vendor risk scoring, and remediation planning;
• Lead or support cybersecurity audits and regulatory compliance reviews (e.g., LGPD, GDPR, SOX);
• Provide guidance and recommendations to clients on risk mitigation strategies, security policies, procedures, and controls;
• Collaborate with cross-functional teams (Legal, IT, Compliance, Procurement, etc.) to embed security governance into broader business processes;
• Conduct occasional on-site visits to clients or third parties as required by project needs;
• Deliver executive-level reporting and presentations on risk posture, findings, and strategic recommendations;
• Mentor junior consultants and support internal capability development within the GRC team;
• Stay up to date with emerging threats, regulatory changes, and industry trends to continuously enhance client value and service delivery.

• Deep understanding of security frameworks, regulations, and cybersecurity compliance requirements (e.g., NIST, CIS, ISO/IEC 27000);
• Proven track record of leading and delivering complex security projects with direct client interaction;
• Experience with risk assessment tools and methodologies is a plus;
• Strong analytical, organizational, and problem-solving skills;
• Excellent interpersonal and communication abilities, with the capability to convey complex topics in a clear and concise manner;
• Certifications such as CISSP, CISM, CRISC, or similar are strongly preferred;
• Comfortable working in remote environments while maintaining high engagement and collaboration with clients and teams.
• Fluency in Portuguese and English.